CVE-2022-20946

EPSS 0.23%
Veröffentlicht 15.11.2022 21:15:35
Zuletzt bearbeitet 21.11.2024 06:43:52
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

 This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition.

    

  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM"]

 
 This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Firepower Threat Defense Version >= 6.3.0 <= 6.3.0.5

Cisco ≫ Firepower Threat Defense Version >= 6.4.0 <= 6.4.0.15

Cisco ≫ Firepower Threat Defense Version >= 6.5.0 <= 6.5.0.5

Cisco ≫ Firepower Threat Defense Version >= 6.6.0 <= 6.6.5.2

Cisco ≫ Firepower Threat Defense Version >= 6.7.0 <= 6.7.0.3

Cisco ≫ Firepower Threat Defense Version >= 7.0.0 <= 7.0.3

Cisco ≫ Firepower Threat Defense Version7.1.0.0

Cisco ≫ Firepower Threat Defense Version7.1.0.1

Cisco ≫ Firepower Threat Defense Version7.1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.459

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM

https://nvd.nist.gov/vuln/detail/CVE-2022-20946

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20946

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20946

EUVD